PR feedback

gravitational · Jan 23, 2025 · 10feddd · 10feddd
1 parent 9bb0b60
commit 10feddd
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 22 deletions.
diff --git a/lib/srv/discovery/access_graph_aws.go b/lib/srv/discovery/access_graph_aws.go
@@ -50,6 +50,15 @@ const (
 	batchSize = 500
 	// defaultPollInterval is the default interval between polling for access graph resources
 	defaultPollInterval = 15 * time.Minute
+	// Configure health check service to monitor access graph service and
+	// automatically reconnect if the connection is lost without
+	// relying on new events from the auth server to trigger a reconnect.
+	serviceConfig = `{
+		 "loadBalancingPolicy": "round_robin",
+		 "healthCheckConfig": {
+			 "serviceName": ""
+		 }
+	 }`
 )
 
 // errNoAccessGraphFetchers is returned when there are no TAG fetchers.
@@ -257,15 +266,6 @@ func (s *Server) initializeAndWatchAccessGraph(ctx context.Context, reloadCh <-c
 	const (
 		// aws discovery semaphore lock.
 		semaphoreName = "access_graph_aws_sync"
-		// Configure health check service to monitor access graph service and
-		// automatically reconnect if the connection is lost without
-		// relying on new events from the auth server to trigger a reconnect.
-		serviceConfig = `{
-		 "loadBalancingPolicy": "round_robin",
-		 "healthCheckConfig": {
-			 "serviceName": ""
-		 }
-	 }`
 	)
 
 	clusterFeatures := s.Config.ClusterFeatures()

diff --git a/lib/srv/discovery/access_graph_azure.go b/lib/srv/discovery/access_graph_azure.go
@@ -1,6 +1,6 @@
 /*
  * Teleport
- * Copyright (C) 2024  Gravitational, Inc.
+ * Copyright (C) 2025  Gravitational, Inc.
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -66,6 +66,7 @@ func (s *Server) reconcileAccessGraphAzure(
 
 	// Fetch results concurrently
 	resultsC := make(chan fetcherResult, len(allFetchers))
+	// Restricts concurrently running fetchers to 3
 	tokens := make(chan struct{}, 3)
 	accountIds := map[string]struct{}{}
 	for _, fetcher := range allFetchers {
@@ -217,12 +218,6 @@ func (s *Server) initializeAndWatchAzureAccessGraph(ctx context.Context, reloadC
 	const (
 		semaphoreExpiration = time.Minute
 		semaphoreName       = "access_graph_azure_sync"
-		serviceConfig       = `{
-		 "loadBalancingPolicy": "round_robin",
-		 "healthCheckConfig": {
-			 "serviceName": ""
-		 }
-	 }`
 	)
 	lease, err := services.AcquireSemaphoreLockWithRetry(
 		ctx,
@@ -255,7 +250,7 @@ func (s *Server) initializeAndWatchAzureAccessGraph(ctx context.Context, reloadC
 	defer func() {
 		lease.Stop()
 		if err := lease.Wait(); err != nil {
-			s.Log.WarnContext(ctx, "error cleaning up semaphore", "error", err)
+			s.Log.WarnContext(ctx, "error cleaning up semaphore", "error", err, "semaphore", semaphoreName)
 		}
 	}()
 

diff --git a/lib/srv/discovery/fetchers/azuresync/azure-sync.go b/lib/srv/discovery/fetchers/azuresync/azure-sync.go
@@ -181,11 +181,6 @@ func (f *Fetcher) fetch(ctx context.Context, feats Features) (*Resources, error)
 				errsCh <- err
 				return nil
 			}
-			principals, err = expandMemberships(ctx, f.graphClient, principals)
-			if err != nil {
-				errsCh <- err
-				return nil
-			}
 			result.Principals, err = expandMemberships(ctx, f.graphClient, principals)
 			if err != nil {
 				errsCh <- err